Privileged account exploitation remains at the core of targeted cyber attacks. An insight into some of the most high-profile breaches reveals a highly predictable pattern. Attackers are capable of crashing through hijack credentials, network perimeter, and utilize the same for moving laterally across the entire network. They also undertake additional credentials and enhance privileges towards achieving their goals.

SecurityScorecard (SSC) has identified three separate DDoS attacks which all targeted Ukrainian government and financial websites leading up to and during Russia’s invasion of Ukraine. Details of these DDoS attacks have not yet been publicly identified.

The world is in a tumultuous place at the time of this writing, with all eyes on the escalating ground war unfolding in Ukraine. As devastating as the news has been, cybersecurity observers are well aware of the unseen battles unfolding simultaneously in cyberspace. The importance of businesses, governments, and other organizations protecting vital systems and sensitive data has never faced such a stark context.

In this blog post, we outline why companies need to stay vigilant and what they can do to defend themselves.

Just days after Russia launched its invasion against the people of Ukraine, news reports emerged of several cyberattacks. Deployed systematically ahead of the land invasion, Russian cyberattacks against Ukraine have rendered Ukrainian banks, government departments and other core services unavailable through the use of sophisticated ‘data wipers

Modern cyberattacks are multifaceted, leveraging different tools and techniques and targeting multiple entry points. As noted in the CrowdStrike 2022 Global Threat Report, 62% of modern attacks do not use traditional malware and 80% of attacks use identity-based techniques, meaning that attacks target not only endpoints, but also cloud and identity layers with techniques that many legacy solutions have no visibility of or means of stopping.

If a couple of years ago Distributed Denial of Service attacks (DDoS) were just a nuisance for businesses, today they constitute serious, costly cybercrime. Equally, if not more alarming, is the use of cybercriminals as surrogates in state-to-state political conflicts. The tools for launching these attacks are easily available online. They are so simple and cheap to use that even amateur citizen fraudsters and kids can commit a financial crime.

Netskope is keeping a close watch on the rapidly changing situation in Ukraine. Along with the attention we are giving to the safety and well-being of Netskope employees in the region, we are in a state of high alert with respect to cyber threats and risks to our customers. Netskope Threat Labs is continuously monitoring cybersecurity threats related to the conflict in Ukraine.

The following organizations should raise their INFOCON levels and be prepared for cyber-attacks because of this conflict: Our threat intelligence teams continue to enhance Obrela’s technology with new threat intel information as soon as it becomes available. We are conducting threat hunting activities to proactively detect and respond to emerging threats.

The Russia-Ukraine conflict currently is ongoing and continues to escalate. Trustwave is on heightened alert, and we are actively monitoring malicious cyber activity associated with and adjacent to the conflict between Russia and Ukraine.